Backdoor access to encryption threatens the privacy of us all

Will government agencies respect our privacy and work in our best interests? Will access fall into the wrong hands?

Canada’s spy agencies want access to your encrypted communication – and they have a ploy to get it without going through Parliament.

Australia is where the action is taking place, since that country has fewer constitutional protections for privacy. The 2018 Assistance and Access Bill would force tech companies such as Wickr and Telegram to provide state agencies with backdoor access to otherwise encrypted messages.

If passed, this legislation would be even more invasive than the United Kingdom’s notorious 2016 Investigatory Powers Act, also known as the Snoopers’ Charter. Access Now, an international non-governmental organization that advocates for individual rights online, explains that the Australian version grants “broad authorities that will increase government hacking.”

Their greatest concern is unpredictability. There is “almost no understanding of the limitations, the implications, or oversight. … It is unclear who could be implicated, what could be requested, what the effects would be, and how oversight would work.”

The rising pressure on tech companies suggests their prevailing encryption methods are a barrier. That has been the impetus for the five-nation initiative, announced after an August meeting.

The meeting attendees contend that rising and elaborate “encryption designs present challenges for nations in combating serious crimes and threats to national and global security. … [Encryption is] being used by criminals, including child sex offenders, terrorists and organized crime groups, to frustrate investigations and avoid detection and prosecution.”

While the alliance members claim to oppose “arbitrary or unlawful interference,” they also state ominously that “privacy is not absolute.” They are already pressuring tech firms to “voluntarily establish lawful access solutions to their products and services.”

We face an unprecedented level of surveillance capacity. This is not a matter of simply searching “homes, vehicles, and personal effects,” although the Five Eyes representatives seek to draw the parallel. Even those conventional domains are vulnerable to pernicious invasions from state agents, as High River residents know all about in Alberta.

While there’s no doubt that some bad actors use encryption to hide their tracks, we must consider whether that compels us to make all-encompassing data available to state agencies. Will these agencies respect our privacy and work in our best interests rather than their own? Once tech companies construct backdoor access, how likely is that access to fall into the wrong hands?

We need not look far to find the answers.

Canada’s spy agencies have a documented history of abusing their powers and misleading those appointed to limit agency overreach. As reported by the Globe and Mail in 2013, Federal Court Judge Richard Mosley rebuked CSIS and CSE for illegally utilizing U.S. and British surveillance dragnets and for their “deliberate decision to keep the court in the dark.”

CSIS officials, Mosley wrote, “strategically omit[ted] information in [warrant] applications … about their intention to seek the assistance of the foreign partners.”

Documents released by U.S.-exile and whistleblower Edward Snowden demonstrate a nonchalant attitude towards privacy from the Five Eyes intelligence agencies. The Guardian has reported that in 2008, the Australian Signals Directorate (ASD) was already able to “share bulk material” without the sort of privacy restraints Canadians would expect. The United States and the United Kingdom have been sharing metadata on each other’s constituents and targeted foreigners, even German Chancellor Angela Merkel.

The temptation to use this backdoor access is great and not only for snooping state agencies. Such private information commands lucrative returns on the black market. Victoria Henderson, a doctoral candidate at Queen’s University in Kingston, Ont., has written how Five Eyes intelligence has been used for corporate espionage. That includes Canadian spying on Petrobras of Brazil, as the company sought to auction off oil rights.

Henderson writes that economic espionage, going both ways, is widely acknowledged and should be protected against, not hastened. It merits concern because it costs “Canada billions every year and [puts] Canadian companies at a competitive disadvantage in international markets.”

As Henderson writes, “Nothing is arguably more naive than giving government a blank cheque for national security.” Digital spying from Canadian intelligence agencies and their collaborators has already compromised Section 8 of the Charter of Rights and Freedoms. The borderless nature of online information compounds our challenge, since our privacy is vulnerable to foreign powers.

The Assistance and Access Bill in Australia is neither the beginning nor the end of the tussle for private data. The surreptitious nature of the strategy indicates the lines are drawn and demonstrates the need for vigilance towards Canada’s intelligence agencies. The burden of proof is on them to show they need and will be responsible with expanded surveillance powers.